Vulmon
pimcore vulnerabilities and exploits
6.1
CVSSv3
CVE-2023-28429
Pimcore is an open source data and experience management platform. Versions before 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account t...
Pimcore Pimcore
9
CVSSv3
CVE-2021-4139
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Pimcore Pimcore
4.3
CVSSv3
CVE-2021-4146
Business Logic Errors in GitHub repository pimcore/pimcore before 10.2.6.
Pimcore Pimcore
5.3
CVSSv3
CVE-2021-39189
Pimcore is an open source data & experience management platform. In versions before 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually.
Pimcore Pimcore
6.1
CVSSv3
CVE-2021-4081
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Pimcore Pimcore
4.3
CVSSv3
CVE-2021-4082
pimcore is vulnerable to Cross-Site Request Forgery (CSRF)
Pimcore Pimcore
6.1
CVSSv3
CVE-2021-4084
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Pimcore Pimcore
7.5
CVSSv3
CVE-2022-1219
SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore before 10.3.5. This vulnerability is capable of stealing data.
Pimcore Pimcore
7.5
CVSSv3
CVE-2022-1339
SQL injection in ElementController.php in GitHub repository pimcore/pimcore before 10.3.5. This vulnerability is capable of stealing data.
Pimcore Pimcore
5.4
CVSSv3
CVE-2022-1351
Stored XSS in Tooltip in GitHub repository pimcore/pimcore before 10.4.
Pimcore Pimcore